<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/linux.git/security/selinux, branch v7.2-rc1</title>
<subtitle>Linux kernel stable tree (mirror)</subtitle>
<id>https://git.radix-linux.su/kernel/linux.git/atom?h=v7.2-rc1</id>
<link rel='self' href='https://git.radix-linux.su/kernel/linux.git/atom?h=v7.2-rc1'/>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/'/>
<updated>2026-06-17T11:41:00+00:00</updated>
<entry>
<title>Merge tag 'selinux-pr-20260615' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux</title>
<updated>2026-06-17T11:41:00+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-06-17T11:41:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=231e9d447ea97033ae8b8dff7b910e6269d7c5af'/>
<id>urn:sha1:231e9d447ea97033ae8b8dff7b910e6269d7c5af</id>
<content type='text'>
Pull selinux updates from Paul Moore:
 "A number of SELinux patches, almost all of which are either minor
  fixes or hardening patches:

   - Additional verifications when loading new SELinux policy

     Multiple patches by Christian Göttsche to add additional
     validations to the code responsible for loading and parsing SELinux
     policy as it is loaded into the kernel.

   - Avoid nontransitive comparisons in our sorting code

     Done to prevent unexpected sorting results due to overflow. Qualys
     documented a similar issue with glibc

	https://www.qualys.com/2024/01/30/qsort.txt

   - Consistently use u16 for SELinux security classes

   - Move from page allocations to kmalloc() based allocations

     Unfortunately one of these patches had to be reverted, but you
     should see a fixed version during the next merge window.

   - Move from kmalloc_objs() to kzalloc_objs() in the policy load code

   - Reorder sel_kill_sb() slightly to match other pseudo filesystems

   - Simplify things with QSTR() instead of QSTR_INIT()

   - Minor comment typo fixes"

* tag 'selinux-pr-20260615' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: revert use of __getname() in selinux_genfs_get_sid()
  selinux: comment spelling fix in ibpkey.c
  selinux: comment typo fix in selinuxfs.c
  selinux: hooks: use __getname() to allocate path buffer
  selinux: use k[mz]alloc() to allocate temporary buffers
  selinux: check for simple types
  selinux: more strict bounds check
  selinux: beef up isvalid checks
  selinux: reorder policydb_index()
  selinux: check type attr map overflows
  selinux: check length fields in policies
  selinux: more strict policy parsing
  selinux: use u16 for security classes
  selinux: avoid nontransitive comparison
  selinux: switch two allocations to use kzalloc_objs()
  selinux: fix sel_kill_sb()
  selinux: use QSTR() instead of QSTR_INIT() in init_sel_fs
</content>
</entry>
<entry>
<title>Merge tag 'lsm-pr-20260615' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm</title>
<updated>2026-06-17T11:34:16+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-06-17T11:34:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=87599bd29856ea7bfdd62591c581c8be5a4719ee'/>
<id>urn:sha1:87599bd29856ea7bfdd62591c581c8be5a4719ee</id>
<content type='text'>
Pull lsm update from Paul Moore:
 "A single LSM update to the security_inode_listsecurity() hook to be
  able to leverage the xattr_list_one() helper function.

  We wanted to do this for a while, but we needed to fix up the callers
  in the NFS code first. With the NFS code changes shipping in Linux
  v7.0 and no one complaining, it seemed a good time to complete the
  shift"

* tag 'lsm-pr-20260615' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
  security,fs,nfs,net: update security_inode_listsecurity() interface
</content>
</entry>
<entry>
<title>Merge tag 'ipsec-next-2026-06-12' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next</title>
<updated>2026-06-13T20:16:39+00:00</updated>
<author>
<name>Jakub Kicinski</name>
<email>kuba@kernel.org</email>
</author>
<published>2026-06-13T20:16:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=431662b642c7f1312612e6f53e8583625d51c125'/>
<id>urn:sha1:431662b642c7f1312612e6f53e8583625d51c125</id>
<content type='text'>
Steffen Klassert says:

====================
pull request (net-next): ipsec-next 2026-06-12

1) Replace the open-coded manual cleanup in xfrm_add_policy() error
   path with xfrm_policy_destroy() for consistency with
   xfrm_policy_construct().
   From Deepanshu Kartikey.

2) Limit XFRMA_TFCPAD to a sensible maximum (max IP length, 64k) since
   u32 is excessive for traffic flow confidentiality padding.
   From David Ahern.

3) Add a new netlink message XFRM_MSG_MIGRATE_STATE that
   allows migrating individual IPsec SAs independently of
   their policies. The existing XFRM_MSG_MIGRATE is tightly coupled
   to policy+SA migration, lacks SPI for unique SA identification,
   and cannot express reqid changes or migrate Transport mode
   selectors. The new interface identifies the SA via SPI and mark,
   supports reqid changes, address family changes, encap removal,
   and uses an atomic create+install flow under x-&gt;lock to prevent
   SN/IV reuse during AEAD SA migration.
   From Antony Antony.

* tag 'ipsec-next-2026-06-12' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next:
  xfrm: add documentation for XFRM_MSG_MIGRATE_STATE
  xfrm: restrict netlink attributes for XFRM_MSG_MIGRATE_STATE
  xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration
  xfrm: make xfrm_dev_state_add xuo parameter const
  xfrm: extract address family and selector validation helpers
  xfrm: refactor XFRMA_MTIMER_THRESH validation into a helper
  xfrm: move encap and xuo into struct xfrm_migrate
  xfrm: add error messages to state migration
  xfrm: add state synchronization after migration
  xfrm: check family before comparing addresses in migrate
  xfrm: split xfrm_state_migrate into create and install functions
  xfrm: rename reqid in xfrm_migrate
  xfrm: fix NAT-related field inheritance in SA migration
  xfrm: allow migration from UDP encapsulated to non-encapsulated ESP
  xfrm: add extack to xfrm_init_state
  xfrm: remove redundant assignments
  xfrm: Reject excessive values for XFRMA_TFCPAD
  xfrm: cleanup error path in xfrm_add_policy()
====================

Link: https://patch.msgid.link/20260612074725.1760473-1-steffen.klassert@secunet.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration</title>
<updated>2026-06-04T10:22:47+00:00</updated>
<author>
<name>Antony Antony</name>
<email>antony.antony@secunet.com</email>
</author>
<published>2026-05-26T19:09:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=a9d155ea9b44d9b979796506bec518222f10b9e6'/>
<id>urn:sha1:a9d155ea9b44d9b979796506bec518222f10b9e6</id>
<content type='text'>
Add a new netlink method to migrate a single xfrm_state.
Unlike the existing migration mechanism (SA + policy), this
supports migrating only the SA and allows changing the reqid.

The SA is looked up via xfrm_usersa_id, which uniquely
identifies it, so old_saddr is not needed. old_daddr is carried in
xfrm_usersa_id.daddr.

The reqid is invariant in the old migration.

Signed-off-by: Antony Antony &lt;antony.antony@secunet.com&gt;
Signed-off-by: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
</content>
</entry>
<entry>
<title>selinux: revert use of __getname() in selinux_genfs_get_sid()</title>
<updated>2026-05-29T15:24:37+00:00</updated>
<author>
<name>Paul Moore</name>
<email>paul@paul-moore.com</email>
</author>
<published>2026-05-29T15:24:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=033182baeab63ce96a6eb8aef1a6cd444fcf9519'/>
<id>urn:sha1:033182baeab63ce96a6eb8aef1a6cd444fcf9519</id>
<content type='text'>
Revert commit 54067bacb49c ("selinux: hooks: use __getname() to allocate
path buffer") as it improperly assumed that PATH_MAX == PAGE_SIZE
everywhere.  Moving away from __get_free_page() is still a good thing and
will be revisited in the future.

Cc: Mike Rapoport (Microsoft) &lt;rppt@kernel.org&gt;
Reported-by: Venkat Rao Bagalkote &lt;venkat88@linux.ibm.com&gt;
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</content>
</entry>
<entry>
<title>selinux: comment spelling fix in ibpkey.c</title>
<updated>2026-05-28T00:10:48+00:00</updated>
<author>
<name>Kalevi Kolttonen</name>
<email>kalevi@kolttonen.fi</email>
</author>
<published>2026-05-01T19:14:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=447e04178b776c82dad431f8af26086b5ce9a391'/>
<id>urn:sha1:447e04178b776c82dad431f8af26086b5ce9a391</id>
<content type='text'>
Signed-off-by: Kalevi Kolttonen &lt;kalevi@kolttonen.fi&gt;
[PM: updated subject line]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</content>
</entry>
<entry>
<title>selinux: comment typo fix in selinuxfs.c</title>
<updated>2026-05-28T00:09:20+00:00</updated>
<author>
<name>Kalevi Kolttonen</name>
<email>kalevi@kolttonen.fi</email>
</author>
<published>2026-05-01T18:59:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=626e33fa20c852caef037edef77fac590e7a9dc0'/>
<id>urn:sha1:626e33fa20c852caef037edef77fac590e7a9dc0</id>
<content type='text'>
Signed-off-by: Kalevi Kolttonen &lt;kalevi@kolttonen.fi&gt;
[PM: updated subject line]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</content>
</entry>
<entry>
<title>selinux: hooks: use __getname() to allocate path buffer</title>
<updated>2026-05-27T23:42:40+00:00</updated>
<author>
<name>Mike Rapoport (Microsoft)</name>
<email>rppt@kernel.org</email>
</author>
<published>2026-05-20T08:18:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=54067bacb49caeada82b20b6bd706dca0cb99ffc'/>
<id>urn:sha1:54067bacb49caeada82b20b6bd706dca0cb99ffc</id>
<content type='text'>
selinux_genfs_get_sid() allocates memory for a path with __get_free_page()
although there is a dedicated helper for allocation of file paths:
__getname().

Replace __get_free_page() for allocation of a path buffer with __getname().

Signed-off-by: Mike Rapoport (Microsoft) &lt;rppt@kernel.org&gt;
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</content>
</entry>
<entry>
<title>selinux: use k[mz]alloc() to allocate temporary buffers</title>
<updated>2026-05-27T23:42:39+00:00</updated>
<author>
<name>Mike Rapoport (Microsoft)</name>
<email>rppt@kernel.org</email>
</author>
<published>2026-05-20T08:18:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=bc3f08d1ef15ebbd32faf0b10cd9699b90b9d30c'/>
<id>urn:sha1:bc3f08d1ef15ebbd32faf0b10cd9699b90b9d30c</id>
<content type='text'>
Several functions in selinuxfs.c allocate temporary buffers using
__get_free_page() or get_zeroed_page().

These buffers are used either to store a string generated by snprintf() (in
sel_make_bools()) or to copy data from user (sel_read_avc_hash_stats() and
sel_read_sidtab_hash_stats()).

Such usage does not require struct page access and it is better to allocate
these buffers with kzalloc()/kmalloc() that provide better scalability and
more debugging possibilities.

Replace use of get_zeroed_page() with kzalloc() and usage of
__get_free_page() with kmalloc().

Link: https://lore.kernel.org/all/635405e4-9423-4a25-a6e7-e03c8ea0bcbe@redhat.com
Signed-off-by: Mike Rapoport (Microsoft) &lt;rppt@kernel.org&gt;
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</content>
</entry>
<entry>
<title>selinux: check for simple types</title>
<updated>2026-05-06T23:43:22+00:00</updated>
<author>
<name>Christian Göttsche</name>
<email>cgzones@googlemail.com</email>
</author>
<published>2025-05-11T17:30:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=2f0af91353cb64b54cfee5423820d2149039338d'/>
<id>urn:sha1:2f0af91353cb64b54cfee5423820d2149039338d</id>
<content type='text'>
Validate that the targets of AVTAB_TYPE rules and file transitions are
simple types and not attributes.

Signed-off-by: Christian Göttsche &lt;cgzones@googlemail.com&gt;
Acked-by: Stephen Smalley &lt;stephen.smalley.work@gmail.com&gt;
[PM: merge fuzz, dropped parts due to dependencies]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</content>
</entry>
</feed>
